The arrest in December of Meng Wanzhou, chief financial officer of technology giant Huawei, demonstrates that federal law enforcement action remains the U.S. government’s most prominent response to suspected cybercrimes by China and Russia.
Meng, now free on bail in Canada, is reportedly charged by the Justice Department with violating U.S. export controls and sanctions pertaining to Iran. But her arrest takes place within the wider geopolitical context of longstanding suspicion that Huawei and other Chinese companies are acting for Beijing’s intelligence and security services to conduct cyberespionage against us and in support of rogue regimes in Iran and North Korea.
The indictment of Meng is of a piece with special counsel Robert Mueller’s July indictments of at-large Russian intelligence officers for Moscow’s now-notorious interference in the 2016 U.S. presidential election. Although that interference did not dispositively affect the election’s result, it may still be termed a cyber-enabled covert influence action.
Meng’s arrest is also reminiscent of the Justice Department’s 2014 indictments of intelligence officers from the Third Chinese People’s Liberation Army’s Unit 61398 for cyberfraud and theft against American industrial companies and a labor union in western Pennsylvania. They, unlike Meng, remain at liberty in China.
The preference of policymakers from both parties, and from within the federal bureaucracy, for a primarily law enforcement response to Chinese and Russian cybercrime is understandable. U.S. diplomatic demarches are ignored by foreign ministries, which deny knowledge of their intelligence services’ actions. Military action against nuclear-armed states would be unwise.
Escalation to cyberattack by the U.S., in response to cyber-enabled covert influence, espionage, or fraud, would invite retaliation in kind against American infrastructure, which may be more vulnerable than that of a particular adversary. It would also expose U.S. capabilities to other rivals in this developing field, helping them to develop countermeasures.
As indictments — and, with luck, more arrests, extraditions, convictions, and stiff sentences — are the likely American response to cybercrimes for the foreseeable future, the U.S. government ought to provide its agents and prosecutors with more up-to-date and useful legal tools. In addition to conducting computer operations directly from their own territory, foreign intelligence services also use domestic-headquartered international businesses. Subsidiaries located in U.S.-allied countries, and inside the U.S. itself, serve as cover for espionage to obtain American intellectual property, especially from our defense-industrial base.
Our national adversaries also use transnational criminal organizations as state proxies to steal American IP or manipulate our politics. Gangs and entities such as Russia’s Internet Research Agency cooperate with governments in such efforts for reasons ranging from profit, to protection, to ideological sympathy with our enemies.
Unfortunately, some of our organized crime and surveillance laws remain stuck in the 1970s, making it unnecessarily difficult for federal law enforcement to combat cybercrimes, especially those committed by nonstate criminals. For example, computer fraud is not a predicate crime under our racketeering statute. Neither are criminal violations of digital copyrights. Our most powerful gang statute, used with such good effect against the mafia, is therefore unreasonably hard to apply to hacking to influence an election, or to stealing intellectual property.
Similarly, the statute authorizing court-ordered wiretaps for future use at trials does not provide for warrants to obtain evidence of the criminal theft of intellectual property.
The executive order authorizing U.S. intelligence activities does not explicitly allow for collection against transnational gangs engaged in non-drug offenses, such as cybercrimes. Absent such permission, rank-and-file law enforcement and intelligence officials shy away from using national security tools against this nontraditional, but very important, target.
The executive order that makes sanctions available to use against criminal organizations applies only to those that operate in three or more countries. It is therefore inapplicable to gangs based in just two countries, such as Russian crooks conducting election-related hacking in the U.S., or a Chinese gang stealing intellectual property in the U.S.
At the moment, the federal government remains shut down as Washington awaits pending clashes between the White House and the new Democratic House in the 116th Congress.
Protecting American intellectual property and jobs, and the integrity of our electoral system, against foreign cybercriminals should not be a partisan issue. More physical walls on our porous southwest border may marginally benefit our security. But legal holes in our racketeering and wiretap statutes, and our executive orders on intelligence and sanctions, are already being exploited by foreign adversaries and transnational gangs in cyberspace.
It would be simple good government for President Trump and the Congress to act together to close these loopholes now.
Kevin Carroll served as executive director and chief counsel for the U.S. Council on Transnational Organized Crime from 2017-18, and was earlier a CIA and military intelligence officer.